Slashdot Mirror


Apple Snubs Security Firm That Spotted Mac Botnet

Sparrowvsrevolution writes "Now that it's being increasingly targeted by botnet herders, Apple has a thing or two to learn about cooperating with friendly security researchers. Boris Sharov, the CEO of Dr. Web, the Russian security company that first reported more than half a million Macs were infected with Flashback malware last week, says when his company alerted Apple to the botnet, it never responded to him. Worse yet, on Monday Apple asked a Russian registrar to take down a domain it said was being used to host a command and control server for Flashback, but in fact was a 'sinkhole' that Dr. Web had set up to observe and analyze the botnet. Sharov describes the lack of communication and cooperation as a symptom of a company that has never before had to work closely with the security industry. 'For Microsoft, we have all the security response team's addresses,' he says. 'We don't know the antivirus group inside Apple.'"

9 of 409 comments

  1. 'We don't know the antivirus group inside Apple.'" by Anonymous Coward · Score: 5, Informative

    Because there aren't any. I worked for them, and customers who called in were routinely told there is nothing to worry about when it comes to malware.
    On their corporate side, you would be amazed at who states exactly the same thing when they should know better.

    Just a taste:
    http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=OS+X&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=

  2. Re:there is no Apple AV group by tacarat · Score: 5, Informative

    The current version downloads and installs itself. No human interaction required besides viewing an infected webpage. Don't confuse the "viruses are impossible to get on a Mac" crowd more by trying to make them learn the subcategories of malicious software. The fact that it was originally a trojan that required the admin password to install, versus the drive-by installer requiring none, is something more for the academics to quibble about, not the end users.

    Granted, this is /., so it's academics and fanboys anyhow >.>

    --
    "Common sense will be the death of us all"

  3. Re:Mac's don't get malware by jesseck · Score: 5, Informative

    Can you please provide any links to folks that have claimed that Macs don't get malware?

    Here you go:

    Mac Commercial (produced by Apple) and Apple's own webpage

    And yes, "viruses" are not the only kind of malware out there; most people on /. know that. But no one else in my family does, and neither do the vast majority of people those two examples target for marketing. Apple's claim that Macs don't get "viruses", in my mom's mind, equates to "Apples don't have malware".

  4. Re:Blaming the messenger by ray_nicov · Score: 5, Informative

    Dr. Web is one of the leading security companies (at least in Russia) and they've been around since 1992. They are by no means 'nagware' or a 'junk scanner'; their tools are legitimate, powerful and useful.

  5. Re:there is no Apple AV group by tacarat · Score: 5, Informative

    http://en.wikipedia.org/wiki/Malware#Trojan_horses

    Apparently I still go by the traditional definition. What do you think I'm missing?

    --
    "Common sense will be the death of us all"

  6. Re:Mac's don't get malware by forkfail · Score: 5, Informative

    Also:

    As PCMag's Security Watch noted yesterday, Mac users did not have to download or even interact with the malware to become infected. Websites exploited a Java flaw that let Flashback.K download itself onto Macs without warning. It then asked users to supply an administrative password, but even without that password, the malware was already installed.

    From here:

    http://www.pcmag.com/article2/0,2817,2402641,00.asp

    So - yes, it required a trojan-esque password entry to fully activate, but it installed and was active even without it. Which means that it was probably ready and waiting for the next legitimate use of a password entry.

    Your walled garden has been breached, and instead of putting your head in the sand, perhaps you'd better wake up to the fact that yes, security really is, at the end of the day, the user/owner's responsibility.

    --
    Check your premises.

  7. Re:Mac's don't get malware by fuzzyfuzzyfungus · Score: 5, Informative

    Pre-OSX MacOS, while it may have gotten raves for friendliness, and was somewhat less bug-riddled, was architecturally more or less a toy OS compared to almost anything contemporary. The ecosystem wasn't as large, and the distribution vectors were markedly less efficient; but the Mac malware was out there.

  8. Re:there is no Apple AV group by Anonymous Coward · Score: 5, Informative

    Woo pedantic! Here are the given definitions, as I understand them:

    Virus = self-propagating, but does not run on its own. Requires some legitimate program which it exploits and modifies saved data to maintain itself. For example: a virus would enter a system as an infected Word document, which would add macros into your copy of Word, infecting all of the Word documents you edit after becoming infected. In general, the virus itself is not very useful, but frequently they're used as a piggy-back which downloads a...

    Trojan-horse = program which gives a malicious user control over a system remotely. This is frequently done via IRC, but newer programs have become far more sophisticated, using P2P protocols of their own design or hiding it as fake HTTP requests, making traffic analysis more difficult. The trojan horse itself is NOT self-propagating, but it will put a ton of hooks around the system to re-download/re-deploy itself if it gets shut off. In general its only goal is to just keep running and allow the malicious user to abuse the machine. Now, frequently the malicious user will use the trojan horse to send out fake emails or other things which lead to propagation, but the program itself doesn't necessarily do it.

    Worm = program which attempts to spread itself. It gets on a host machine and does something (normally immediately, sometimes with an incubation period, frequently involving email, sometimes 0-day exploits to networked computers) to try and get to more machines. After it has attempted to spread itself around, it will frequently follow-up by downloading a trojan horse, or sometimes it will contain the trojan horse functionality itself.

    Straight up worms have kind of fallen out of style these days though. They're a bit too obvious and their repeated, predictable behaviour leads to them being spotted and blocked after not very much time out in the wild. And without some sort of trojan horse functionality there's not much point. Trojan horse functionality allows a central command to update the code and makes the worm a more useful product, eventually getting it on more computers and keeping security researchers guessing longer.

    Anyway, hope this actually gets modded up by someone and people use these and/or tell me I'm an idiot.

  9. Re:Mac's don't get malware by Fjandr · Score: 5, Informative

    Just for kicks:

    "The App Store revolutionized mobile apps. We hope to do the same for PC apps with the Mac App Store by making finding and buying PC apps easy and fun. We can’t wait to get started on January 6."
    --Steve Jobs